On August 14, 2003, a change occurred in the healthcare field related to health insurance. That was the first mandatory deadline set for healthcare organizations to become HIPAA-compliant with regulation standards placed into law in 1996. Often, I hear, What is HIPAA and how does it affect me? or What is that form that my doctor made me sign when I went in for a visit? There are still many of us who don't understand what HIPAA is or how it affects us as healthcare consumers. Hopefully, this article can give you a general understanding of just what HIPAA means and how it affects the HIV community.
HIPAA regulations have been designed to have a broad application. There are four parts to HIPAA: portability, transaction, privacy and security.
Portability refers to protecting an individual's ability to get health insurance if there is a current or preexisting medical condition.
Transaction concerns the process of reporting health-related information. This regulation attempts to standardize the process of how information is reported including claims, enrollment, eligibility and payment.
Privacy and security involve protected health information (PHI). The HIPAA Privacy Rule provides the first national standards for protecting the privacy of health information. Any medical information that contains any personal identifiers such as name, phone numbers, address, medical record numbers or Social Security numbers must have protected access. HIPAA requires that an organization define who has access to PHI and how much of the patient information is accessible. Providers must obtain informed consent from patients in order to disclose, or use PHI, for activities related to treatment and payment. The regulations allow the sharing of information between providers with the same institution, but consent must be given before providers can share information with providers from other institutions. The desired outcome from these rules is to protect individual's medical information from commercial use, personal gain or malicious harm. Now, with all rules and regulations there are a few exceptions. First, PHI can be disclosed without patient consent in an emergency situation, as long as consent is obtained when appropriate after the emergency treatment is delivered. Second, PHI can be obtained by correctional facilities without consent for care and treatment of inmates. And finally, PHI can be disclosed to law enforcement without consent in response to a subpoena.
Organizations involved with HIV care are aware of the need to protect the confidentiality of those individuals receiving services. Accordingly, HIPAA has put into place rules and regulations with civil and criminal penalties to ensure confidentiality and the rights of individuals are protected. While HIPAA does not separately address HIV/AIDS patient information, individuals are still protected under the general guidelines regarding release of any health information including HIV status. Advocates encourage individuals to embrace this opportunity to use HIPAA as a way to discuss confidentiality with their healthcare professionals to know when information is being shared with others and why it is being done. This allows you to understand your rights and impact how your information is being protected.
If you would like more information regarding HIPAA or other laws and how they relate to individuals who are HIV positive, please visit the CDC informational page regarding HIV and the law at www.brta-lrta.org/law/law.htm.